use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class DNBase2Attribute method doFilter.
/**
 * Adds the configured attribute value to the authenticated user when the user's DN
 * ends with the configured base DN, then hands the request to the next filter.
 *
 * <p>The check runs at most once per HTTP session: after the first evaluation a marker
 * is stored in the session under {@code key} and later requests skip straight to the chain.
 *
 * @param request  the proxied request; supplies the HTTP session
 * @param response the proxied response, passed through untouched
 * @param chain    the remaining filter chain
 * @throws Exception propagated from the session lookup or from the rest of the chain
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    HttpSession httpSession = request.getSession();

    // A non-null marker means this session was already evaluated.
    if (httpSession.getAttribute(key) == null) {
        // No null check here: a session without an AuthController fails with a
        // NullPointerException rather than continuing without user data.
        AuthController authCtl = (AuthController) httpSession.getAttribute(ProxyConstants.AUTH_CTL);
        AuthInfo userData = authCtl.getAuthInfo();

        // NOTE(review): this is a plain string suffix test, not an RDN-aware DN comparison.
        // It relies on this.dn being lower-cased and formatted exactly like the DNs the
        // directory returns, and a suffix can match without starting on an RDN boundary
        // (for example after an escaped comma inside an RDN value). Confirm how this.dn is
        // normalized at init time, and consider comparing parsed DNs instead.
        // NOTE(review): toLowerCase() uses the JVM default locale - confirm that is intended.
        boolean underBase = userData.getUserDN().toLowerCase().endsWith(this.dn);
        logger.debug(underBase ? "User is member" : "User is NOT member");

        if (underBase) {
            Attribute target = userData.getAttribs().get(this.attributeName);
            if (target == null) {
                // First value for this attribute: create it and register it on the user.
                target = new Attribute(this.attributeName);
                userData.getAttribs().put(this.attributeName, target);
            }
            target.getValues().add(this.attributeValue);
        }

        // Mark the session so the DN test is not repeated on later requests.
        httpSession.setAttribute(key, key);
    }

    chain.nextFilter(request, response, chain);
}
use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class Group2Attribute method doFilter.
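/**
 * Adds the configured attribute value to the authenticated user when a directory search
 * on the configured group entry finds the user's DN in the group-member attribute.
 *
 * <p>The lookup runs at most once per HTTP session: afterwards a marker is stored in the
 * session under {@code key}, so a membership change in the directory is not picked up
 * until a session without that marker is evaluated.
 *
 * @param request  the proxied request; supplies the HTTP session
 * @param response the proxied response, passed through untouched
 * @param chain    the remaining filter chain
 * @throws Exception propagated from the directory search, the session lookup or the chain
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    HttpSession session = request.getSession();

    if (session.getAttribute(key) == null) {
        // No null check here: a session without an AuthController fails with a
        // NullPointerException rather than continuing without user data.
        AuthInfo authInfo = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();

        // Scope 0 is the base-object scope in LDAP numbering, so only the group entry
        // itself is tested against the filter.
        // NOTE(review): the user DN is embedded in the search filter through equal(...);
        // presumably that helper escapes filter metacharacters - confirm, since DNs can
        // legitimately contain '(' , ')' , '*' and '\'.
        LDAPSearchResults res = cfgMgr.getMyVD().search(
                groupDN,
                0,
                equal(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), authInfo.getUserDN()).toString(),
                attribs);

        boolean isMember = res.hasMore();
        if (isMember) {
            // The entry itself is not needed, but next() is still called as in the original
            // so that any error the result set reports on retrieval is not skipped.
            res.next();
            logger.debug("User is member");
        } else {
            logger.debug("User is NOT member");
        }

        if (isMember) {
            Attribute attr = authInfo.getAttribs().get(this.attributeName);
            if (attr == null) {
                attr = new Attribute(this.attributeName);
                authInfo.getAttribs().put(this.attributeName, attr);
            }
            attr.getValues().add(this.attributeValue);
        }

        // Mark the session so the directory is not queried again on later requests.
        session.setAttribute(key, key);
    }

    chain.nextFilter(request, response, chain);
}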
use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class UnisonConfigManagerImpl method loadAuthMechs.
/* (non-Javadoc)
* @see com.tremolosecurity.config.util.ConfigManager#loadAuthMechs()
*/
/* (non-Javadoc)
* @see com.tremolosecurity.config.util.UnisonConfigManager#loadAuthMechs()
*/
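/**
 * Initializes every configured authentication mechanism and makes sure the built-in
 * anonymous and always-fail mechanisms and chains exist, then loads dynamic mechanisms
 * when they are enabled in the configuration.
 *
 * @throws ServletException if a configured mechanism or the dynamic mechanism loader
 *         cannot be initialized
 */
@Override
public void loadAuthMechs() throws ServletException {
    try {
        this.mechs = new HashMap<String, AuthMechanism>();

        if (getCfg().getAuthMechs() != null) {
            for (MechanismType mt : getCfg().getAuthMechs().getMechanism()) {
                initializeAuthenticationMechanism(mt);
            }
        }
    } catch (Exception e) {
        throw new ServletException("Could not initialize Auth Mechanism Filter", e);
    }

    // A chain at level 0 is taken as the anonymous chain; its first mechanism is looked up
    // by name and cast to AnonAuth.
    // NOTE(review): a level-0 chain with no mechanisms, an unknown mechanism name or a
    // non-AnonAuth mechanism fails here with an unchecked exception - confirm the
    // configuration is validated before this point.
    for (AuthChainType act : this.authChains.values()) {
        if (act.getLevel() == 0) {
            this.anonAct = act;
            String mechName = act.getAuthMech().get(0).getName();
            this.anonAuthMech = (AnonAuth) this.getAuthMech(this.authMechs.get(mechName).getUri());
        }
    }

    // No configured anonymous chain: fall back to a built-in one.
    if (this.anonAuthMech == null) {
        this.anonAct = new AuthChainType();
        this.anonAct.setFinishOnRequiredSucess(true);
        this.anonAct.setLevel(0);
        this.anonAct.setName("anon");
        this.anonAuthMech = new AnonAuth();
    }

    // Register the built-in always-fail mechanism once, both in the runtime map and in
    // the configuration model.
    // NOTE(review): this.mechs is re-created above on every call, but this block only runs
    // while alwaysFailAuth is null - confirm whether a second call is expected to re-register
    // the fail mechanism in the new map.
    if (this.alwaysFailAuth == null) {
        this.alwaysFailAuth = new AlwaysFail();
        String failAuthUri = this.ctxPath + "/fail";
        this.mechs.put(failAuthUri, alwaysFailAuth);

        MechanismType fmt = new MechanismType();
        fmt.setClassName("com.tremolosecurity.proxy.auth.AlwaysFail");
        fmt.setInit(new ConfigType());
        fmt.setParams(new ParamListType());
        fmt.setName("fail");
        fmt.setUri(failAuthUri);

        if (this.cfg.getAuthMechs() == null) {
            this.cfg.setAuthMechs(new AuthMechTypes());
        }
        this.cfg.getAuthMechs().getMechanism().add(fmt);
        this.alwaysFailAuthMech = fmt;
    }

    // Find a configured chain that references the always-fail mechanism. The break only
    // leaves the inner loop, so when several chains match the last one iterated is kept.
    for (AuthChainType act : this.authChains.values()) {
        for (AuthMechType amt : act.getAuthMech()) {
            if (amt.getName().equals(this.alwaysFailAuthMech.getName())) {
                this.authFailChain = act;
                break;
            }
        }
    }

    // No configured chain uses the fail mechanism: build a default one.
    if (this.authFailChain == null) {
        this.authFailChain = new AuthChainType();
        this.authFailChain.setLevel(0);
        this.authFailChain.setName("alwaysfail");

        AuthMechType amt = new AuthMechType();
        amt.setName(this.alwaysFailAuthMech.getName());
        amt.setRequired("required");
        amt.setParams(new AuthMechParamType());
        this.authFailChain.getAuthMech().add(amt);
    }

    try {
        if (this.getCfg().getAuthMechs() != null && this.getCfg().getAuthMechs().getDynamicAuthMechs() != null && this.getCfg().getAuthMechs().getDynamicAuthMechs().isEnabled()) {
            DynamicPortalUrlsType dynamicAuthMechs = this.getCfg().getAuthMechs().getDynamicAuthMechs();
            String className = dynamicAuthMechs.getClassName();

            // Collapse the parameter list into name -> multi-valued attribute.
            HashMap<String, Attribute> cfgAttrs = new HashMap<String, Attribute>();
            for (ParamType pt : dynamicAuthMechs.getParams()) {
                Attribute attr = cfgAttrs.get(pt.getName());
                if (attr == null) {
                    attr = new Attribute(pt.getName());
                    cfgAttrs.put(pt.getName(), attr);
                }
                attr.getValues().add(pt.getValue());
            }

            // The class name comes from the configuration and is loaded reflectively, so
            // whoever can edit this configuration decides which code runs here.
            // getDeclaredConstructor().newInstance() replaces the deprecated
            // Class.newInstance(), which lets checked exceptions thrown by the constructor
            // escape undeclared; they now arrive wrapped and are reported below.
            DynamicAuthMechs dynCustomAuMechs = (DynamicAuthMechs) Class.forName(className).getDeclaredConstructor().newInstance();
            dynCustomAuMechs.loadDynamicAuthMechs(this, this.getProvisioningEngine(), cfgAttrs);
        }
    } catch (ReflectiveOperationException | ProvisioningException e) {
        throw new ServletException("Could not initialize authentication mechanisms", e);
    }
}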
use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class Groups2Attribute method doFilter.
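/**
 * Collects the {@code cn} of every group under the configured base that lists the user's
 * DN in the group-member attribute and stores the names as values of the configured
 * user attribute.
 *
 * <p>When a pattern is configured, only group names that match it are added, and the value
 * added is the configured capture group of the match. The search runs at most once per
 * HTTP session: afterwards a marker is stored in the session under {@code key}.
 *
 * @param request  the proxied request; supplies the HTTP session
 * @param response the proxied response, passed through untouched
 * @param chain    the remaining filter chain
 * @throws Exception propagated from the directory search, the session lookup or the chain
 */
@Override
public void doFilter(HttpFilterRequest request, HttpFilterResponse response, HttpFilterChain chain) throws Exception {
    HttpSession session = request.getSession();

    if (session.getAttribute(key) == null) {
        // No null check here: a session without an AuthController fails with a
        // NullPointerException rather than continuing without user data.
        AuthInfo authInfo = ((AuthController) session.getAttribute(ProxyConstants.AUTH_CTL)).getAuthInfo();

        Attribute members = authInfo.getAttribs().get(this.attrName);
        if (members == null) {
            // Give the new attribute its name so it agrees with the key it is stored under.
            members = new Attribute(this.attrName);
            authInfo.getAttribs().put(this.attrName, members);
        }

        ArrayList<String> attrs = new ArrayList<String>();
        attrs.add("cn");

        // Scope 2 is the whole-subtree scope in LDAP numbering.
        // NOTE(review): the user DN is embedded in the search filter through equal(...);
        // presumably that helper escapes filter metacharacters - confirm.
        LDAPSearchResults res = this.cfg.getMyVD().search(
                this.base,
                2,
                equal(GlobalEntries.getGlobalEntries().getConfigManager().getCfg().getGroupMemberAttribute(), authInfo.getUserDN()).toString(),
                attrs);

        while (res.hasMore()) {
            LDAPEntry entry = res.next();

            // An entry returned without a cn cannot contribute a group name; skip it
            // instead of failing the whole request.
            if (entry.getAttribute("cn") == null) {
                continue;
            }
            String cn = entry.getAttribute("cn").getStringValue();

            if (p != null) {
                Matcher m = p.matcher(cn);
                if (m.matches()) {
                    // A capture group that took no part in the match yields null; do not
                    // store that as a group name.
                    String captured = m.group(groupNum);
                    if (captured != null) {
                        members.getValues().add(captured);
                    }
                }
            } else {
                members.getValues().add(cn);
            }
        }

        // Mark the session so the directory is not queried again on later requests.
        session.setAttribute(key, key);
    }

    chain.nextFilter(request, response, chain);
}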
use of com.tremolosecurity.saml.Attribute in project OpenUnison by TremoloSecurity.
the class Groups2Attribute method initFilter.
/**
 * Reads the filter settings: the search base, an optional group-name pattern, the name of
 * the user attribute to populate and an optional capture-group number, then derives the
 * session marker key from the attribute name.
 *
 * @param config the filter configuration
 * @throws Exception if {@code base} or {@code attrName} is not configured; parsing and
 *         pattern-compilation failures also propagate
 */
@Override
public void initFilter(HttpFilterConfig config) throws Exception {
    this.cfg = config.getConfigManager();

    Attribute baseAttr = config.getAttribute("base");
    if (baseAttr == null) {
        throw new Exception("No base specified");
    }
    this.base = baseAttr.getValues().get(0);

    // A missing or empty pattern means every group name is accepted unchanged.
    Attribute patternAttr = config.getAttribute("pattern");
    String regex = (patternAttr == null) ? "" : patternAttr.getValues().get(0);
    this.p = regex.isEmpty() ? null : Pattern.compile(regex);

    Attribute nameAttr = config.getAttribute("attrName");
    if (nameAttr == null) {
        throw new Exception("No attribute name specified");
    }
    this.attrName = nameAttr.getValues().get(0);

    // NOTE(review): groupNum is not checked against the number of capture groups in the
    // pattern, so an out-of-range value only surfaces when a group name matches at request
    // time - consider validating it here.
    Attribute groupAttr = config.getAttribute("groupNum");
    if (groupAttr != null) {
        this.groupNum = Integer.parseInt(groupAttr.getValues().get(0));
    }

    // Session marker used by doFilter to run the lookup once per session.
    this.key = "GS2ATTR_" + this.attrName + "_RUN";
}